HIT Think
How front-line caregivers can be prepared to blunt cyberattacks

Every day, nurses collect and analyze information to ensure that patients are getting the right care at the right time. That same preventative approach is critical to improving cybersecurity at the point of care.

Just as nurses are critical members of the patient care team, they are also key contributors to the strategy of prevention, education and recovery that every hospital can use to minimize damage from cyberattacks.

Human users have the ability to let hackers into an organization’s systems. This is where nurses and front-line providers can become the “human firewall” for their organizations.

Ransomware has become a favored tactic for hackers who want to make quick money by encrypting an organization’s data and demanding payment to unlock it. Two of the most common methods for ransomware attacks are through “phishing emails,” which is typically an email that looks like it comes from someone you know or do business with, or infected websites that employees innocently visit.

The user may click on a link within an email which takes them to a malicious website. The malicious website typically will be disguised as a legitimate website, and it may prompt them to enter personally identifying information like the username and password they use for accessing work email and other systems. With that, the hackers can now log on to a legitimate account. Another possibility is that the malicious website tries to install malware directly to a device, disrupting its operations, recording personal information or taking control of the device.

Another common phishing email scenario is that the email may have an attached file. Frequently it is a Microsoft Word document or PDF that is masquerading as something else, like an invoice or a report. If the report is opened, it will launch the malware. Once the malware gets into the first computer, it links to open file shares on the network and infects more machines, encrypting data as it goes. An entire hospital or provider network can have its computer systems shut down by this form of attack.

Another common hacking strategy is spear phishing. As the name implies, it’s related to phishing, the practice of sending emails that attempt to collect personally identifiable information from recipients. What makes spear phishing more difficult to detect is that the emails are designed to look like they come from a known or trusted sender. In some cases, it’s very difficult to tell the difference between a spear phishing email and the real thing. The “from address” in the email may actually say the person’s name, but the actual email address may be wrong. The web links may go to a similarly named website.

Hackers are also using social media to spread viruses by hijacking someone’s account and sharing links to malicious websites with their friends list. Usually they just look like a link being shared from someone you know—hackers want others to believe the link is safe.

One of the most effective technologies to prevent cyberattacks is multi-factor authentication, meaning a system that requires more than a username and password to access. For example, after logging in, many sites and apps are starting to ask for a “second factor” of authentication.

From an IT perspective, the best MFA uses two of these three elements: something you know [a username and password], something you are [a human being with a fingerprint] and something you have [a badge or other device]. It’s common at many hospitals to use an ID badge as the second factor. Thus, a hacker would have to know a password and steal a badge to log onto the system. This higher level of security enables an IT staff to consider other security projects, such as Single Sign On (SSO), which enables users to sign on and access devices in different physical locations or switch between prescription, lab order and financial systems without being prompted for a username and password.

After these security measures are incorporated into a nurse’s workflow, they become as natural as hourly bed checks. Most importantly, these preventative steps protect patient information, adhere to HIPAA guidelines and ensure that hackers can’t get to critical data or disrupt the hospital’s operations.

Nurses also should be drilled frequently on the following procedures.

If they get an email that looks like it’s from someone at your organization, but they’re a bit skeptical, they should not reply to the email. Instead, send a separate email or call to confirm that they’re actually looking for that information. Be aware that sometimes the hacker has control of that person’s email account—there have been occasions where hackers were actively responding to emails, so it’s not sufficient to just respond to the email that’s been received.

In the case of Facebook messages, one way to defeat potential attacks is by checking to see if a message that includes a URL also includes a preview. If it doesn’t, that’s a major indication that the link may not be safe.

If an email is received from a bank, credit card company or an online retail store, users can simply navigate directly to the website in a browser and log into the account to see if any messages have been actually sent. When in doubt, contact the organization by phone, email, or through the company’s website.

Even with the best prevention plans, an organization still can be victimized by a hacker, because it only takes one point of failure to breach defenses. Here’s where having a clear recovery program is critical. The best-prepared organizations have layers of backups in place—whether on separate cloud-based servers or a remote physical location where electronic records are kept. In addition, they build recovery right into the nurse’s daily workflow and regular training.

By having these strategies in place, hospitals that get hit with cyberattacks can quickly shut down the system, locate infected files and hardware, rid the system of malicious code, and get back to full functionality with a minimum of downtime.